Data protection and compliance solutions provider HITRUST has announced the release of new Shared Responsibility Matrices for Amazon Web Services (AWS) and Microsoft Azure.Best known for the HITRUST CSF (Common Security Framework), the Texas-based company has worked with healthcare, technology and information security organizations to help organizations safe

byPaul DucklinHere’s our latest Naked Security Live talk, explaining why HTTPS is vital, even if you’re publishing public data that isn’t confidential.Thats because HTTPS isn’t just about the confidentiality of the data you browse to – it’s also about improving your privacy in respect of what you chose to look at, when you

Security researchers with Sakura Samurai identified exposed GitHub credentials on a United Nations Environment Programme (UNEP) subdomain, which allowed them to access a trove of data, including more than 100,000 employee records.While researching security flaws in assets within the scope of The United Nations’ vulnerability disclosure program, the Sakura Sa

WhatsApp is notifying users that starting February 8, 2021, they will be obliged to share their data with Facebook, leaving them no choice. This is bad news for WhatsApp users and their privacy, the company is notifying them that starting February 8, 2021, they will be requested to share their data with Facebook companies. Curiously the announcement co

Singapore has admitted data collected for contact-tracing can be accessed by police despite earlier assurances it would only be used to fight the coronavirus, sparking privacy concerns Tuesday about the scheme.The city-state has a programme called "TraceTogether" for tracking close contacts of Covid-19 patients, that works via both a phone app and a dongle.T

Data security solutions provider Netwrix has merged with Stealthbits, a cybersecurity company focused on protecting sensitive data and credentials. Founded in 2006, the Irvine, California-based Netwrix claims to provide over 10,000 organizations around the world with the necessary tools to reclaim control over sensitive, business-critical data, helping

Fines issued for violations of the EU’s General Data Protection Regulation (GDPR) in 2020 exceeded €170 million, or roughly $200 million.The GDPR, which requires organizations to protect the personal data and privacy of EU citizens, came into force in May 2018, and, based on publicly available information, it since resulted in fines totaling more than €250 m

byPaul DucklinA lot of technical articles, especially in the fields of computer science and information security, put you on the horns of a dilemma.To become an expert, you first need to read the article; yet to understand the article, you first need to be an expert.Well, here on Naked Security, we go out of our way to avoid this sort of “cybersecurity

OneTrust, a provider of privacy, security and data governance tools, announced a $300 million Series C funding round led by new investor TCV.The company’s valuation has nearly doubled in the past ten months, jumping from $2.7 billion when the company announced its $210 million Series B round in early 2020, to a current valuation of $5.1 billion.Announced jus

2020 was dominated by news of the pandemic and anchored by reality that we all found ourselves in – entire families logging in remotely, trying to keep school and work feeling “normal.” While we tested the limits of what a home office could sustain, the privacy and security of a fully remote world was put front and center. In this piece, we take a look

byPaul DucklinThanks to Naked Security reader M Carter for their help with this article.Last week, we warned of a Facebook Messenger scam that used a bogus video to lure you onto a phoney Facebook login page.In that scam, the crooks were using stolen Messenger passwords to phish for yet more Messenger passwords by sending messages that genuinely seemed to co

Microsoft, Cisco, GitHub, Google, LinkedIn, VMware and the Internet Association have filed an amicus brief in support of WhatsApp in the legal case against the NSO Group.Facebook-owned messaging service WhatsApp filed the lawsuit in October 2019 in California, accusing Israeli technology firm NSO Group of spying on journalists, human rights activists and oth

A recently observed Pegasus spyware infection campaign targeting tens of Al Jazeera journalists leveraged an iMessage zero-click, zero-day exploit for infection.The Israel-based NSO Group, which has approximately 600 employees in Israel and abroad, made it to the spotlight several years ago, after security firms identified and analyzed Pegasus, a highly inva

byPaul DucklinHere’s our latest Naked Security Live talk, discussing IM scams and how to avoid them, as well as giving you some pointers on how to think like a scammer and thereby stay one step ahead.Don’t forget that receiving a message from a friend’s account doesn’t always mean your friend actually sent the message – if their

With the release of its latest operating system updates – macOS 11.1 and iOS 14.3 – Apple has introduced a new system that shows users what data apps collect. Available in both the Mac App Store and the iOS/iPadOS App Store, these "nutrition labels," as Apple has called them, display in which of 14 data categories apps collect data, and